We don’t like to think about it, but as soon as you publish a website, it becomes vulnerable to attack, and the more successful you become, the greater the attempts to hack in. Being one of the most popular website builder and web hosting solutions out there, WordPress is definitely not invulnerable to this. In fact, a recent analysis revealed that 70% of WordPress installations could be vulnerable to hacker attacks.
Now before you start panicking and running for the hills, take a look at the five security plugins we’ve unearthed to help you tighten up your site vulnerabilities, and make it as hacker proof as possible.
- Also check out our roundup of the best antivirus
It may not be the prettiest plugin on the block, but BulletProof Security does its job, and is free, which makes it definitely worth checking out. The main page come with a video that highlights how to set it up once installed on your site.
The plugin includes a malware scanner, full, partial or manual database backup, .htaccess protection, login monitoring and idle session logout, among many others. It has a bigger sibling, BulletProof Security Pro which is available for $69.95, and allows you to install it on an unlimited number of websites, offers free lifetime upgrades, and of course, many tools not available in the free version, including Heads Up Dashboard Status Display, and a series of 16 mini plugins which is calls “Pro Tools”.
iThemes Security Pro aims to simplify securing your website for you. Features include monitoring 404 errors and if too many are coming from the same IP address, it assumes this is an attempt to gain access, and locks that address out of your site. The basics are also essential, such as forcing admins to use strong passwords - the more complex the password, the less likely it’ll be hacked. The same goes for activating two-factor authentication. Database backup is also a welcome addition in case something goes horribly wrong. One feature we particularly liked is a new one: Passwordless Logins (which is a similar concept to fingerprint authentication or FaceID).
Various plans are open to you - Blogger is the cheapest at $80 per year and allows you to protect a single site. Small Business ups that to 10 sites, for $127 per year. Finally, there’s Gold, letting you protect an unlimited number of sites for $199 per year.
Sucuri calls itself a platform because they offer a wide range of security features. They include the usual such as firewall, monitoring and detection. They protect your site from hacking, include a malware scanner, prevent SEO spamming, and repair tools it if an attack was successful. They also offer performance improvements, like website speed optimisation (they have caching options on their own servers).
All of this, and much more, obviously comes at a price, and as a result the Sucuri Security platform is the most expensive offering on this list. You have three plans, and each limits you to installing it on a single site. The higher the plan, the more frequent the scans take place. Basic starts at $200 per year, Pro, $300, and Business, $500. There’s an Enterprise option, but that price varies depending on your custom needs.
Like the other plugins on this list, SecuPress is designed to protect your site from malicious attacks. It will scan your site to determine its robustness to attack and offer fixes to secure any holes it might find. As you’d expect, it offers a backup feature, protection from brute force attacks, builds an IP and bot blocklist, has anti spam features, offers two-factor authentication, and even moves the login page, among many other offerings, all in a very elegant interface.
SecuPress charges per site, and the more websites you protect with it, the cheaper is gets. For instance using it on a single site will cost you $70 per year, but if you were to install it on 5 sites, that price would go down to $28.32 per site, per year (or $141.60 in total). 10 sites would cost you only $21.24 per site, per year (a total of $212.40). Jump to 200 sites, and the price crashes to $5.78 per site, per year (or $1,156.40). There’s also a free version with limited functionality, called SecuPress Free.
WordFence has an impressive list of features to protect your WordPress site from attack. It provides a firewall and security scanner, blocking malware, SEO spam, and malicious redirects amongst others. We liked the option of monitoring traffic in real time, and the ability to perform advanced manual blocks of any malicious human or robot activity. There are also tools to help you recover from a hack, including the ability to help you repair files damaged in the process.
Like SecuPress, WordFence charges per site, and the price goes down the more websites you protect with it (although not as steeply as SecuPress!): one licence will cost you $99. The price goes down slowly until you purchase 25 licences or more - at that level, the price is $74.25 per licence. A free version is also available.
- We've also highlighted the best WordPress plugins